The Senate Judiciary Committee took a step on Thursday toward updating the nation’s outdated laws related to when law enforcement and other government agencies can access e-mail and other electronic communications.

As part of legislation to modernize the Video Privacy Protection Act, the committee attached provisions that would update the 1986 Electronic Communications Privacy Act. Senate Judiciary Chairman Patrick Leahy, D-Vt., acknowledged that the bill is unlikely to pass Congress before the end of the year but said it would help advance work on the issue in the 113th Congress.

Rep. Bob Goodlatte, R-Va., the sponsor of the video privacy bill and chairman of the House Judiciary Intellectual Property, Competition, and the Internet Subcommittee, said he would prefer to see the ECPA provisions stripped from the legislation so his video privacy bill could move on its own before the end of the year. The video privacy bill, which the House passed late last year, would update a 1988 law aimed at protecting the privacy of consumers' video-viewing records to allow companies such as Netflix to obtain one-time consent to share a customer's video-rental information with others.

“It is my hope that we can separate the VPPA fix this Congress and move forward with that, while taking more time to examine EPCA,” Goodlatte, who will chair the House Judiciary Committee in the next Congress, said in a statement. “I certainly agree that ECPA is something that Congress should look at closely to see if updates or reforms are necessary but I do not think that it is possible to complete the thorough examination that is needed in the short amount of time we have in this lame duck session.”

Privacy groups, tech firms, and others have been pressing lawmakers to update ECPA to reflect the vast changes in technology since the law was first enacted. They argue that many of the law’s protections are out of date and provide inconsistent protection depending on how long and where an e-mail and other electronic records are stored. For example, law enforcement can obtain e-mail that is six months old or older from a third-party provider like Google or Microsoft with a subpoena.

The ECPA amendment the committee adopted to the video privacy legislation would require law enforcement, with a few limited exceptions, to seek a warrant based on probable cause before obtaining e-mail from a third party.

“Three decades after the enactment of ECPA, Americans face even greater threats to digital privacy,” Leahy said. “With the explosion of new technology and the expansion of government surveillance power … the committee has an important opportunity to begin to address this privacy challenge.”

The issue of e-mail privacy has gained new attention in recent weeks after Gen. David Petraeus resigned when an extramarital affair he had was revealed through e-mails obtained by the FBI.

The committee began marking up the video privacy legislation in September but postponed action after Judiciary ranking member Chuck Grassley, R-Iowa, raised concerns that the proposed changes to ECPA would hamper the ability of law enforcement to carry out investigations. In response, Leahy drafted an amendment adopted by the committee on Thursday that made some changes, including giving law enforcement officials more time before they are required to notify an individual that their e-mail or other communications have been obtained from a third-party provider.

Grassley said he still has concerns with the legislation but voted to move the bill out of committee with the understanding that supporters would continue to try to address his concerns. “I believe we can craft the bill in a way that increases e-mail privacy but protects law enforcement’s ability to obtain information as part of a criminal investigation,” Grassley said. “While I don’t believe this version strikes the proper balance, I think it is the start of an important discussion.”

The committee rejected an amendment from Grassley that would have retained the current subpoena standard for investigations involving child abductions, child pornography, and violent crimes against women such as rape. Leahy and other committee members said that the bill already provides exceptions for investigations involving such emergency situations. The committee approved a handful of other amendments including one that would limit the one-time consent for sharing video rental information to one year.

Despite the changes Leahy made to his ECPA legislation, many of the groups that have been pushing Congress to overhaul the law say they still support the measure. “We believe the central privacy protection of the bill—a search warrant for all content—remains in place so we think it would be a substantial step forward for privacy,” Chris Calabrese, legislative counsel for the American Civil Liberties Union, told National Journal.

FROM OUR SPONSORS

sponsored

JOIN THE DISCUSSION

By using this service you agree not to post material that is obscene, harassing, defamatory, or
otherwise objectionable. Although Nextgov does not monitor comments posted to this site (and has
no obligation to), it reserves the right to delete, edit, or move any material that it deems to
be in violation of this rule.

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

Data-Centric Security vs. Database-Level Security

Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.